The Power of Chocolate
Never underestimate the power of chocolate...but be wary if someone offers you
a Snickers bar in exchange for your password.
Infosecurity Europe has repeated
its study involving exchanging sweets for end users' passwords, and revealed
are four times as likely to divulge their passwords as men when presented
with chocolate as a reward. How terrifyingly Pavlovian.
The survey was actually a cleverly designed exercise in social engineering,
with the ultimate goal of impressing upon workers the importance of becoming
more information security-savvy. Researchers posted in downtown London polled
workers as they commuted to work. They found 45 percent of the women surveyed
and 10 percent of the men were ready to give up their passwords for a sweet
While this may seem a bit scary to those of you charged with keeping
your network locked down, it's a better result than last year's survey, when
64 percent eagerly handed over the keys to the kingdom for a couple of Cadburys.
That's not all the survey revealed. "Our researchers also asked for workers'
names and telephone numbers so that they could be entered into a [drawing] to
go to Paris," said Claire Sellick, event director for Infosecurity Europe
and head of the study, in a statement. "With this incentive, 60 percent
of men and 62 percent of women gave us their contact information."
That's a serious personal breach, and most people are completely unaware of
the risks. "Once a criminal has your date of birth, name and phone number,"
Sellick said, "they are well on the way to carrying out more sophisticated
social engineering attacks on you, such as pretending to be from your bank or
phone company and extracting more valuable information that can be used in ID
theft or fraud."
Me? I'd be more than happy to turn over my password for a nice glass of single
malt scotch. What do you do to ensure that your users safeguard the company's
jewels? What policies do you put in place? And -- be honest now -- have you
ever shared your password? Share your secrets with me at [email protected].
Government Spending Spree
Your tax dollars hard at work: The government has been on a bit of a shopping
spree when it comes to upgrading systems at the FBI, Defense Logistics Agency
and the U.S. Air Force.
GTSI just earned
a contract to upgrade the FBI's IT infrastructure. The upgrades will cover
the entire enterprise from FBI headquarters to several key field offices. The
$290 million contract is for one year, with options to extend for four more
CACI International will be working
with the Defense Logistics Agency to upgrade its medical supply chain and
health care services for our fighting forces around the globe. The five-year,
$54.8 million contract to upgrade the Defense Medical Logistics Standard Support
program sounds like money well-spent. As far as I'm concerned, the men and women
in our armed forces deserve the best health care they can get.
And Hewlett-Packard Co. earned a five-year,
$400 million contract to cover the U.S. Air Force's imaging and printing
needs. This will include a full evaluation the USAF's printing infrastructure,
consulting services and actual products.
Sure, they're spending our money, but this definitely makes me feel better
than hearing about multiple millions spent on studies that reveal such deep
secrets as exercising every day is good for you, or subsisting on a diet of
pizza and Klondike bars is bad for you.
To read more about the government's activities in the world of IT, check out
our sister publications Federal
Computer Week and Government Computer
Do you work directly for a government agency? Does your company do any work
for government agencies at any level? How do you feel the government IT landscape
is looking? Requisition a response to me at [email protected].
Lawyers in Lawsuits
Microsoft isn't the only one having fun launching -- or defending against --
intellectual property lawsuits.
Hard drive heavyweight Seagate has filed
a patent infringement suit against STEC, claiming the latter's solid-state
drives violate four interface-related patents held by Seagate. Seagate filed
its suit in the Federal District Court in the Northern District of California.
Apparently, Seagate has plans to dive deeply into the solid-state drive market
this year, and it promises to be a lucrative venture. Already, this new storage
technology is making waves with the Apple MacBook Air and the HP Mini. Solid-state
drives are built with chips, so they have no moving parts, unlike traditional,
mechanical hard drives. Besides being much smaller, they're more reliable, quieter,
faster, generate less heat and use less power. Like any new technology, though,
right now they're still much more expensive.
Have you played around with any solid-state storage yet? Any plans to change
your storage infrastructure? Have any of these high-profile lawsuits had any
impact on what you do? Depose your thoughts to me at [email protected].
'Stirling' Now in Beta
Microsoft has just released its integrated security control system Forefront
to public beta. Codenamed "Stirling," the beta is now ready
Stirling -- or "Forefront," as it'll be called once it ships -- gives
you updated and integrated view of all aspects of your security infrastructure,
including endpoint security, network edge security, and messaging and collaboration
From that single management console, you can check and update your security
settings, including configuration, reporting and setting alerts. The console
is also linked for direct and immediate remediation. Role-based administration
lets you customize views for other staffers so they only see what they need
to see. To download Stirling or to read more about Forefront, go here.
Do you plan on checking out Forefront? Have you already? Let us know when you
do. We'd love to chat with you for a Reader Review story. Release a beta
version of your comments to me at [email protected].
Lafe Low is the editorial liaison for ECG Events.